Researchers at Nozomi Networks have discovered a bug that has existed for 10 years and opens the way for DNS cache poisoning attacks. The bug resides in the DNS implementation of the uClibc and uClibc-ng C libraries, which are used by many popular IoT products.
Non-random ID generation
Due to the bug in the uClibc and uClibc-ng libraries, the IDs that affected products generate for DNS responses and network communications are predictable. The uClibc library is used by Linksys, Netgear, and Axis products, as well as by some Linux distributions such as Embedded Gentoo. uClibc-ng is a fork of uClibc, and it is preferred for its small size.
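For defenders auditing their own devices, the sketch below (an added example, not code from Nozomi Networks or the uClibc project) pulls the transaction IDs out of captured DNS queries and flags a resolver whose IDs advance by a constant step. The constant-step pattern is an assumption about what "predictable" looks like in practice; the sample packets are constructed and the helper names are hypothetical.

```python
import struct
from collections import Counter

def txid(packet: bytes) -> int:
    """Return the 16-bit transaction ID (first two bytes of the DNS header)."""
    if len(packet) < 12:  # a DNS header is always 12 bytes
        raise ValueError("truncated DNS header")
    return struct.unpack("!H", packet[:2])[0]

def predictable_stride(ids, min_samples=8, threshold=0.9):
    """Return the dominant step between consecutive IDs (mod 2**16) if it
    explains at least `threshold` of the transitions, otherwise None."""
    if len(ids) < min_samples:
        return None  # too few queries to judge
    deltas = Counter((b - a) % 65536 for a, b in zip(ids, ids[1:]))
    step, count = deltas.most_common(1)[0]
    return step if count / (len(ids) - 1) >= threshold else None

def build_query(qid: int) -> bytes:
    """Constructed sample: minimal DNS query for example.com, type A, class IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"\x07example\x03com\x00"
    return header + qname + struct.pack("!HH", 1, 1)

# Constructed captures, not taken from any real device.
# The counter-style sequence deliberately wraps past 0xFFFF.
COUNTER_DEVICE = [build_query((0xFFFA + i) % 65536) for i in range(12)]
RANDOM_IDS = [0x1A2B, 0x9C01, 0x0453, 0xE7F0, 0x33D2,
              0x7B19, 0xC4A8, 0x5E66, 0x0F3C, 0xA991]
RANDOM_DEVICE = [build_query(i) for i in RANDOM_IDS]

def audit(packets):
    """Summarise whether a capture of outgoing queries shows a constant stride."""
    step = predictable_stride([txid(p) for p in packets])
    if step is not None:
        return f"predictable (step {step})"
    return "no constant stride found"

if __name__ == "__main__":
    print("counter-style resolver:", audit(COUNTER_DEVICE))
    print("randomised resolver:   ", audit(RANDOM_DEVICE))
```

A result of "no constant stride found" only rules out this one pattern; it does not show that the IDs are cryptographically random.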
uClibc has not been maintained by its developers since 2012. uClibc-ng, on the other hand, is designed to be used in OpenWRT, a Linux distribution for routers. Currently, there is no fix for the vulnerability, which is why the affected devices have not been disclosed yet. It might take a long while until the patches land on the vulnerable devices. The developers will first have to decide to patch the library, then the vendors will implement the new libraries in their devices' firmware. Finally, the users will need to apply the firmware patches to their devices.
We hope not to see hacking incidents because of this nasty bug. However, it seems unlikely. The users of IoT devices and routers should immediately patch their systems when new firmware lands.